Research On Read-Write Control Technology Of USB Storage Device For Domestic Operating Systems

The harsh reality faced by information security and information technology product supply chain has promoted the independent and controllable process of the state’s information technology application innovation industry.In recent years,under the initiative of the state requiring central enterprises and state-owned enterprises to completely finsh the information technology application innovation product substitution by 2027,the domestically-made process of the operating system has made rapid progress.Under the strong support of the state,domestic operating systems have been promoted and applied in many enterprises,especially in central enterprises and stateowned enterprises.Domestic operating systems such as UOS and Kylin have basically completed ecological construction,and now their ecological construction speed is rapid.As the USB removable storage devices is plug-and-play,convenient and fast,it has become an indispensable tool for people in the workforce.However,artificial information leakage through USB removable storage devices occurs from time to time.At the same time,there are many hidden security risks in enterprises,as it is easy to achieve the host virus lateral spreading through USB devices.It must be pointed out that Linux operating systems,including UOS and Kylin,lack a general and fine-grained access control method which can be compatible with all kinds of mainstream USB removable storage devices.Therefore,it is necessary to carry out the research on the access control method of USB removable storage devices for domestic operating systems,which has great application value and practical significance to ensure terminal side security and promote the improvement of information technology application innovation ecology.Based on the analysis and discussion of USB device driver,Kprobe tracking theory,Netlink communication theory,how USB device being accessed,USB device’s state evolution process and various existing USB device control solutions,the work focuses on the research of USB removable storage device access control method based on white listing and access permission list.The proposed scheme is compatible with all kinds of mainstream USB storage devices,and can control devices mounting,reading,writing,executing for each device.It belongs to a lightweight USB removable storage device control scheme.The main contributions and innovations of the work include:(1)Based on the Kprobe tracking method,a technical method is proposed to control the device mount when the device is enumerated,and to implement the read and write control when the file system is mounted.Compared with the traditional method of mount control when the device is mounted and read and write control when the file is read and written,the control time is earlier and the system overhead is less.(2)It provides a solution to build the unique identifier of the device based on the hot plug uevent information of the device,which has the advantages of good stability and compatibility with various mainstream USB storage devices.(3)Combining the whitelisting method and Kprobe tracking method,a fine-grained access control scheme for a single device is realized,which hardly affects other functions of the system and has good compatibility with all kinds of mainstream USB storage devices.At the same time,it has good versatility not only for domestic Linux desktop operating systems such as UOS and Kylin,but also for other mainstream Linux desktop operating systems such as CentOS.The prototype system is tested on UOS,Kylin and CentOS for USB removable storage devices such as USB flash drive,mobile phone,mobile hard disk,SD card,TF card,etc.The results show that the proposed method and prototype system have good universality and compatibility.And the prototype system will not have a significant impact on the system performance before and after loading,and it has the characteristics of lightweight control scheme.